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1. INTRODUCTION 

Since the start of the 20th century, many different formal logical systems have 
been proposed as foundations for mathematics. Each of these foundational systems 
provides a formal language in which the statements of mathematics can be written, 
together with axioms and rules of deduction by which, it is claimed, the theorems 
of mathematics can be deduced. These different systems were often motivated 
by different philosophical schools of thought on the question of which proofs and 
constructions in mathematics are valid. These schools include constructivism, which 
holds that the use of the axiom of excluded middle is illegitimate, and predicativism, 
which holds that definitions that involve a certain form of circularity are illegitimate. 

Proof assistants or proof checkers are tools that help the user to construct formal 
proofs of theorems in these formal logical systems, and provide a guarantee of 
each proof's correctness. The logical systems known as type theories have proven 
particularly successful for this purpose. However, so far, the type theories that 
have been used have almost exclusively been constructive. Examples include the 
proof checker Coq [The Coq development team 2006] based on the type theory 
CIC [Bcrtot and Casteran 2004], and the proof checker Agda [Norell 2007] based 
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on Martin-L6f Type Theory [Nordstrom et al. 1990]. 

We would like to investigate how the other schools in the foundations of math- 
ematics may be formalised with type theories. As a first case study, we chose the 
classical, predicative system presented in Hermann Weyl's 1918 text Das Kontin- 
uum [Weyl 1918]. In this book, Weyl investigates how much of the mathematical 
corpus can be retained if wc restrict ourselves to predicative definitions and meth- 
ods of proof. He presents a foundational system in which it is impossible to perform 
an impredicative definition. He proceeds to construct the real numbers and prove 
many theorems of mathematics within this system. It is an excellent example of a 
fully developed non-mainstream foundational system for mathematics. 

In the system Weyl presents in Das Kontinuum, only arithmetic sets may be 
constructed. We can form the set 

{x I <j>[x]} 

only if the proposition (f>[x] is arithmetic — that is, it does not involve quantification 
over sets. Weyl's aim was to investigate how much mathematics we can reconstruct 
while restricting ourselves to the arithmetic sets. He shows that many results that 
arc usually proven impredicatively can be proven predicatively; and that, even for 
those results that cannot, one can often prove a weaker result which in practice is 
just as useful. 

We have constructed a system LTT^ that corresponds very closely to the semi- 
formal system that Weyl presented. Our system LTT^ is a logic- enriched type 
theory (LTT), a type theory extended with a separate mechanism for forming and 
proving propositions. It contains types of natural numbers, ordered pairs and func- 
tions; classical predicate logic with equality, together with the ability to prove 
propositions by induction; and the ability to form sets by predicative definition. 

We have used the proof assistant Plastic to formalise in LTT^ many of the 
theorems and proofs presented in Weyl [1918]. The work presented here forms a case 
study in how type theory — specifically logic-enriched type theories — may be used 
outside the realm of constructive mathematics, to construct foundational systems 
in such a way that it is practicable to carry out machine-supported formalisation 
of proofs. 

1.1 Outline 

In Section 2, we give some background on logic-enriched type theories and the 
historical context to Weyl's work. In Section 3, wc describe in detail the version of 
Weyl's foundational system we shall be using. We proceed in Section 4 to describe 
a logic-enriched type theory within a modified version of the logical framework LF^ 
[Luo 1994]. We claim that this logic-enriched type theory faithfully corresponds to 
the system presented in the preceding section. In Section 5, we describe the results 
proven in the formalisation, which was carried out in a modified version of the proof 
assistant Plastic [Callaghan and Luo 2001], an implementation of LF. In Section 6, 



'^The logical framework LF here is a Church- typed version of Martin-Lof's logical framework 
[Nordstrom ct al. 1990], and is not to be confused with the Edinburgh LF [Harper ct al. 1993]. 
Among other differences, LF allows the user to declare computation rules, and hence to specify 
type theories such as Martin-Lof's type theory [Nordstrom et al. 1990] and UTT [Luo 1994] . 
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Fig. 1: The division of types into propositions and datatypes in several different 
type theories. A universe is placed under another, joined by a line, if the first is an 
object of the second. The kind Type is placed above the type universes, and the 
kind Prop above the propositional universe of LTTw 

we describe some of the other approaches to predicativity that have been followed, 
and discuss how they might be formalised in a similar way. 

A preliminary version of this paper appeared in the proceedings of TYPES 2006 
[Adams and Luo 2007] . The source code of the formalisation, together with a list 
of all the definitions and results in Das Kontinuum, is available at 
http : //www . OS . rhul . ac . uk/~robin/weyl 

2. BACKGROUND 

2.1 Type Theories for Non-constructive Mathematics 

A type theory divides mathematical objec;ts into types. The types themselves are 
often collected into universes. The usual method for using a type theory as a logical 
system is known as propositions as types: some or all of the types are identified 
with propositions, and the objects of each type with proofs of that proposition. We 
prove a theorem by constructing an object of the appropriate type. In Martin-L6f 
Type Theory (MLTT) [Nordstrom et al. 1990], every type is considered a propo- 
sition. In other type theories, such as ECC [Luo 1994] or CIC, the basis for the 
proof checker Coq [The Coq development team 2006], only some of the types are 
considered propositions, and these are collected into a universe, usually denoted 
by Prop. The other types are often called datatypes to distinguish them. Figure 1 
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shows the universe structure of several type theories. 

When types are identified with propositions in this way, many natural type con- 
structions correspond to the connectives of intuitionistic logic. For example, the 
non-dependent product A x B corresponds to conjunction {A A B), and the depen- 
dent product n.T : A.B corresponds to universal quantification (Vx : A.B). That 
is, the introduction and elimination rules ior A x B mirror the introduction and 
elimination rules for conjunction in intuitionistic logic; similarly, the rules for de- 
pendent product mirror those for universal quantification. Type theories are thus 
very well suited for formalising intuitionistic mathematics. 

There are several ways in which a type theory may be modified so as to be ap- 
propriate for formalising classical mathematics. This cannot however be done with- 
out changing the structure of the datatypes, because the two interact so strongly. 
In MLTT, they are one and the same; in ECC or CIC, the universes Typeg, 
TypC]^,. . . contain both propositions and datatypes. 

It is possible to introduce constructions into the type theory so that the theory's 
rules now mirror the rules of deduction of classical logic, such as the 'freeze' and 
'unfreeze' operations of the A/x-calculus [Parigot 1992]. However, doing so allows 
new objects to be formed in the datatypes. 

There have also been several formalisations of classical proofs which used an 
intuitionistic type theory with additional axioms, such as Gonthier's proof of the 
Four Colour Theorem [Gonthier 2005] , which extended the proof checker Coq with 
axioms for the real numbers that imply the axiom of excluded middle. However, this 
approach introduces non-canonical objects into the datatypes. (Further discussion 
on these points can be found in [Luo 2006].) 

This problem does not arise in the systems known as logic- enriched type theories 
(LTTs) introduced by Aczel and Gambino [Aczel and Gambino 2002; Gambino and 
Aczel 2006]. These are type theories in which the propositions and the datatypes 
are completely separate. It is thus possible to introduce axioms or new rules of 
deduction without affecting the datatypes. We shall construct such an LTT in this 
paper, which we shall call LTT^. Its universe structure is also shown in Figure 1. 

There are several features of type theory that are of especial benefit for proof 
assistants: each object carries a type which gives information about that object, 
and the type theory itself has a primitive notion of computation. We contend that 
the intuitions behind type theory apply outside of intuitionistic mathematics, and 
that these advantages would prove beneficial when applied to other forms of proof. 
It is equally natural in classical mathematics to divide mathematical objects into 
types, and it would be of as much benefit to take advantage of the information 
provided by an object's type in a classical proof. The notion of computation is an 
important part of classical mathematics. When formally proving a property of a 
program, we may be perfectly satisfied with a classical proof, which could well be 
shorter or easier to find. 

We further contend that it is worth developing and studying type theories specif- 
ically designed for non-constructive mathematical foundations. For this purpose, 
logic-enriched type theories would seem to be particularly appropriate. 
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2.2 Logic-Enriched Type Theories 

The concept of an LTT, an extension of the notion of type theory, was proposed by 
Aczel and Gambino in their study of type-theoretic interpretations of constructive 
set theory [Aczel and Gambino 2002; Gambino and Aczel 2006]. A type-theoretic 
framework, which formulates LTTs in a logical framework, has been proposed in 
[Luo 2006] to support formal reasoning with different logical foundations. In par- 
ticular, it adequately supports classical inference with a predicative notion of set, 
as described below. 

An LTT consists of a type theory augmented with a separate, primitive mecha- 
nism for forming and proving propositions. We introduce a new syntactic class of 
formulas, and new judgement forms for a formula being a well-formed proposition, 
and for a proposition being provable from given hypotheses. 

An LTT thus has two rigidly separated 'worlds': the datatype world of terms 
and types, and the logical world of proofs and propositions, for describing and 
reasoning about the datatype world. This provides two advantages over traditional 
type theories: 

— We have separated the datatypes from the propositions. This allows us to 
add axioms without changing the datatype world. We can, for example, add the 
axiom of excluded middle without thereby causing all the datatypes of the form 
A + {A^ 9i) to be inhabited. 

— We do not have any computation rules on proofs. Further, a proof cannot 
occur inside a term, type or proposition. We are thus free to add any axioms we 
like to the logic: we know that, by adding the axiom of excluded middle (say), we 
shall not affect any of the properties of the reduction relation, such as decidability 
of convertibility or strong normalisation. 

2.2.1 Remark. The clear separation between logical propositions and data types 
is an important salient feature of LTTs [Aczel and Gambino 2002: Gambino and 
Aczel 2006] and the associated logical framework [Luo 2006]. In Martin-Lof's 
type theory, for example, types and propositions are identified. The second au- 
thor has argued, in the development of ECC/UTT [Luo 1994] as implemented in 
Lego/Plastic [Luo and Pollack 1992: Callaghan and Luo 2001], that it is unnat- 
ural to identify logical propositions with data types and there should be a clear 
distinction between the two. This philosophical idea was behind the development 
of ECC/UTT, where propositions are types, but not all types are propositions. 
LTTs have gone one step further - propositions and types are separate syntactic 
categories. 

2.3 Foundations of Mathematics 

When building a foundational system for mathematics, two of the decisions that 
must be made are: 

(1) Whether the logic shall be classical or intuitionistic. In intuitionistic logic, 
principles such as excluded middle (</> V -i^) or -Nx4>{x) 3x^4'{x) are not uni- 
versally valid. A proof of </> V V' must provide a way of deciding which of ^ or V 
holds, and a proof of 3x4>{x) must provide a way of constructing an x for which 
^{x) holds. 
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(2) Whether impredicative definitions are ahowed, or only predicative. A defini- 
tion is impredicative if it involves a certain kind of 'vicious circle', in which an object 

is defined in terms of a collection of which it is a member. (A detailed discussion 
of the concept of predicativity and its history is given in Section 6.) 

Each of the four possible combinations of these options has been advocated as a 
foundation for mathematics at some point in history. 

— Impredicative classical mathematics. This is arguably the way in which 

the vast majority of practising mathematicians work. Zermelo-Fraenkel Set Theory 
(ZF) is one such foundation. The proof checker Mizar [Muzalewski 1993] has been 
used to formalise a very large body of impredicative classical mathematics. 

— Impredicative constructive mathematics. Impredicative type theories 

such as CC [Coquand and Huet 1988], UTT [Luo 1994], and CIC [Bertot and 
Casteran 2004] are examples of such foundations. These have been implemented by 
the proof checkers LEGO [Pollack et al. 2001] and Coq [The Coq development team 
2006]. 

— Predicative classical mathematics. This was the approach taken by Weyl 
in his influential monograph of 1918, Das Kontinuum [Weyl 1918]. Stronger pred- 
icative classical systems have been investigated by Feferman [Feferman 1964] and 
Schiitte [Schiitte 1965]. 

— Predicative constructive mathematics. Its foundations are provided, for 
example, by Martin-Lof's type theory [Nordstrom et al. 1990; Martin-L6f 1984]. 

LTTs may provide a uniform type-theoretic framework that can support formal 
reasoning with these four different logical foundations and others. This idea is 
discussed further in [Luo 2006]. 

In this paper, we present a case study in the type-theoretic framework: to con- 
struct an LTT to represent the predicative, classical foundational system of math- 
ematics developed by Weyl in his monograph Das Kontinuum [Weyl 1918], and to 
formalise in that LTT several of the results proven in the book. 

The system presented in the book has since attracted interest, inspiring for exam- 
ple the second-order system ACAq [Feferman 2000] , which plays an important role 
in the project of Reverse Mathematics [Simpson 1999] . It is a prominent example of 
a fully developed non-mainstream mathematical foundation, and so a formalisation 
should be of quite some interest. 

3. WEYL'S PREDICATIVE FOUNDATIONS FOR MATHEMATICS 

Hermann Weyl (1885-1955) contributed to many branches of mathematics in his 
lifetime. His greatest contribution to the foundations of mathematics was the book 
Das Kontinuum [Weyl 1918] in 1918, in which he presented a predicative foundation 
which he showed was adequate for a large body of mathematics. 

The semi-formal presentation of the foundational system in Das Kontinuum 
would not be acceptable by modern standards. Weyl does not give a rigorous 
formal definition of his syntax, axioms or rules of deduction. In this section, we 
shall give a formal definiton of a modern reconstruction of Weyl's foundational 
system. 
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The notation of our system shall differ considerably from Weyl's own. We shall 
also include several features not present in Weyl's system which are redundant in 
theory, but very convenient practically. The differences between our system and 
Weyl's shall be discussed under Section 3.1.6 below. 

3.1 Weyl's Foundational System 

Weyl's system is constructed according to these principles: 

(1) The natural numbers are accepted as a primitive concept. 

(2) Sets and relations can be introduced by two methods: explicit definitions, which 
must be predicative; and definition by recursion over the natural numbers. 

(3) Statements about these objects have a definite truth value; they are either true 
or false. 

Regarding point 2, wc arc going to provide ourselves with the ability to define 
sets by abstraction: given a formula (j>[x] of the system, to form the set 

S={x\d[x]}. (1) 

In order to ensure that every such definition is predicative, we restrict which quan- 
tifiers can occur in the formula (j)[x] that can appear in (1): we may quantify over 
natural numbers, but we may not quantify over sets or functions. In modern ter- 
minology, we would say that (j)[x] must be arithmetic; that is, it must contain only 
first-order quantifiers. 

3.1.1 Components of Weyl's System. Weyl divides the universe of mathematical 
objects into collections which he calls categories. The categories are divided into 
basic categories and ideal categories. Each category has objects. There arc also 
propositions, which are divided into the arithmetic^ propositions, and the large 
propositions. 

3.1.2 Categories 

(1) There is a basic category N, whose objects are called natural numbers. 

(2) For any two categories A and B, there is a category Ax B, whose objects are 
called pairs. If A and B are basic categories, then ^4 x B is a basic category; 

otherwise, A x B is ideal. 

(3) For any two categories A and B, there is a category A^ B, whose objects are 
called functions. The category A=> B is always an ideal category. 

(4) For any category A, there is a category Set (A), whose objects are called sets. 
The category Set (A) is always an ideal category. 

For applications to other branches of mathematics, the system may be extended 
with other basic categories. For example, when formalising geometry, we may 
include a basic category of points and a basic category of lines. 



•^Weyl chose the German word finite, which in other contexts is usually translated as 'finite'; 
however, we agree with Pollard and Bole [Weyl 1994] that this would be misleading. 
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3.1.3 Objects. For each category A, there is a collection of variables associated 
with A. 

(1) Every variable associated with a category A is an object of category A. 

(2) There is an object of the category N. 

(3) For every object n of the category N, there is an object s(n) of the category N, 
the successor of n. 

(4) For every object a of category A and b of category B, there is an object (a, b) 
of category Ax B. 

(5) For every object p of category A x B, there is an object 7ri(p) of category A 
and an object 772(6) of category B. 

(6) Let X be a variable associated with category A, and b an object of category B. 
Then there is an object Xx.b of category A =^ B. 

(7) For every object / of category A ^ B and object a of category A, there is an 
object /(a) of category B. 

(8) Let X be a variable associated with category A, and (j) an arithmetic proposition. 
Then there is an object {a; | (j)} of category Set {A). 

(9) Let / be an object of category A ^ A. Then there is an object f : A x N ^ A, 
the iteration of /. (Intuitively, f{{x,n)) is the result of applying f to x, n 
times.) 

3.1.4 Propositions 

(1) If j4 is a basic category, and a and b are objects of A, then there is an arithmetic 

proposition a = b. 

(2) If a is an object of category A, and S an object of category Set {A), then there 
is an arithmetic proposition a G S. 

(3) If is a proposition, then -i0 is a proposition. If (j) is arithmetic, then -1^ is 
arithmetic; if is large, then -1^ is large. 

(4) If (f> and tp are propositions, then (j) Ai/j, V V' and (p D i/j arc propositions. If 
(/i and -0 are arithmetic, then these three propositions are arithmetic; if either 
(f) or ijj is large, then these three propositions are large. 

(5) If X is a variable associated with A and cp is a proposition, then Vxcp and 3x(p 
are propositions. If A is basic and (p is arithmetic, then these two propositions 
are arithmetic. If A is ideal or <p is large, then these two propositions are large. 

We define an operation of substitution [a/x]E that avoids variable capture. Here 
a is an object and x a variable of the same category, and E is either an object or 
a proposition. We omit the details of the definition. 

We write ^ -i-^ ip for {(p D ip) A {tp D (p). 
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We also define an equality relation on every category. For any category A and 
objects a and b of A, we define the proposition a =a b as follows. 

— If j4 is a basic category, then a =a b is the proposition a = b. 

— If A is B X C and either B or C is ideal, then a =a b is the proposition 

7ri(a) =B 7ri(6) A 772(0) =c 772(6) . 

— If j4 is B C, then o =a b is the proposition 

\/x.a{x) =c b{x) 

where x is associated with B. 
— If A is Set {B), then a =a b is the proposition 

\/x{x € a <^ X ^ b) 

where x is associated with B. 

3.1.5 Axioms. The theorems of Weyl's system are those that can be derived via 
classical predicate logic from the following axioms: 

(1) For any basic category A, 

Mx.x = X 
\lx\/y{x = y D (j) D [y/x](p) 

where <p is any proposition, and x and y are associated with A. 

(2) Peano's axioms for the natural numbers: 

yx^{s{x) = 0) 
yx\/y{s{x) = s{y) D x = y) 
[0/a;]</> D \/x{(j) D [s{x)/x](j)) D \/x(p 

for any proposition </>, arithmetic or large. 

(3) For any categories A and B, 

Va;Vy.7ri((a;,2/)) =a x 
\/x"iy.TT2{{x,y)) =b y 

where x is associated with A and y with B. 

(4) For any categories A and B, and any object b of category B, 

Vy((Ax.6)(y) =B [y/x]b) 

where x and y are associated with A. 

(5) For any category A and arithmetic proposition </>, 

Vy(t/ e {a; I 0} [y/x]4>) 

where x and y are associated with A. 

(6) For any category A and object / of category A =^ A, 

M7{x,0) =A x) 
yx\fn{f{ix,s{n))) =A 7((/(x),n))) 
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3.1.5.1 Definition by Recursion. The operation of iteration allows us to define 
functions by primitive recursion. Let f : A=i- A and g : A x A x N => A. Suppose 
we want to define the function /i : A x N A such that 

hia,0) = fia) 
h{a,n+l) = g{h{a,n),a,n) 

This can be done as follows. Define fctAxAxN^AxAxNby 

k{x,y,n) = {g{x,y,n),y,n+l) . 

Then 

h{a,n)=TTl(k{{f{a),a,0),n)) , 

where TTf{a, h, c) = o. 

3.1.6 Extensions to Weyl's System. There are two features in our system which 
were not explicitly present in Weyl's system, but which can justifiably be seen as 
conservative extensions of the same. 

Weyl did not have the categories A x B of pairs, and did not have all of the 
function categories A => B of our system. Instead, apart from the basic categories, 
the categories of Weyl's system were those of the form 

Set {Bi X • • • X Bn) and Ai x • • • x Am Set {Bi x ■ ■■ x Bn) 

in our notation. 

Instead of a category N N, functions from N to N in Das Kontinuum are sets 
of ordered pairs, of category Set (N x N). 

Weyl allowed the iteration only of functions from a category Set {Ai x • • • x An) 
to itself (the 'Principle of Iteration' [Weyl 1994, p. 36]). He showed by example how 
definition by recursion is then possible: addition is defined by iterating a suitable 
function from Set (N x N) to Set (N x N) [Weyl 1994, p. 51], and multiplication is 
defined in an 'entirely analogous' manner [Weyl 1994, p. 53]. 

Wo have also deviated from Weyl's system in two more minor ways. We have 
used a primitive operation s(x) for successor, where Weyl used a binary relation 
Sxy. We choose to start the natural numbers at 0, where Weyl begins at 1. 

4. WEYL'S FOUNDATION AS A LOGIC-ENRICHED TYPE THEORY 

A modern eye reading Das Kontinuum is immediately struck by how similar the 
system presented there is to what we now know as a type theory; almost the only 
change needed is to replace the word 'category' with 'type'. In particular, Weyl's 
system is very similar to a logic- enriched type theory (LTT). 

The LTT we shall construct, which we shall call LTT^, must involve: 

— natural numbers, ordered pairs and functions; 

— predicate logic; 

— the ability to prove propositions by induction; 
— the formation of sets. 

We shall need to divide our types into small and large types, corresponding to 
Weyl's basic and ideal categories. We shall also need to divide our propositions 
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(1) Rules of Deduction for Type and El 

r valid T\- A: Type 



A = B : Type 



rh Type kind T\-El{A) kind 
(2) Rules of Deduction for Prop and Prf 
T valid r h P : Prop 



r\- El (A) = El (B) 



T\- P = Q: Prop 



rh Prop kind T \- Prf (P) kind 



r h Prf (P) = Prf (Q) 



Fig. 2: Kinds Type and Prop in LF' 



into arithmetic and large propositions. To make these divisions, we shall use a type 

universe and a propositional universe. 

There exist today many logical frameworks, designed as systems for representing 
many different type theories. It requires only a small change to make a logical 
framework capable of representing LTTs as well. Wc have constructed LTT^ within 
a variant of the logical framework LF [Luo 1994], which is implemented by the proof 
checker Plastic [Callaghan and Luo 2001]. 

4.1 Logic-Enriched Type Theories in Logical Frameworks 

Recall that a logical framework, such as LF, is intended as a metalanguage for 
constructing various type theories, the object systems. The frameworks consist of 
kinds and objects. An object system is constructed in a framework by making 
certain declarations, which extend the framework with new constants and rules of 
deduction. 

A type theory divides mathematical objects, or terms, into types. The framework 
LF provides a kind Type and a kind constructor El. The intention is that LF be 
used for constructing a type theory, with the types represented by the objects of 
kind Type, and the terms of the type A by the objects of kind El {A). Further 
details can be found in [Luo 1994]. 

A logic- enriched type theory has two new syntactic categories: besides terms and 
types, there arc propositions and proofs. To make LF capable of representing LTTs, 
we add a kind Prop and a kind constructor Prf. We shall refer to this extended 
framework as LF'. The rules of deduction for these new kinds Prop and Prf {■ ■■) 
are given in Figure 2, along with the rules those for Type and El, for comparison. 
The full syntax and rules of deduction of LF' are given in Appendix A. 

We construct an LTT in LF' by representing: 

— the types by the objects of kind Type; 

— the terms of type A by the objects of kind El {A); 

— the propositions by the objects of kind Prop; 

— the proofs of the proposition by the objects of kind Prf {4>) . 
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Natural Numbers 

N : Type 

: N 

s : N^N 

En : (C : N ^ Type)CO ^ {{x : N)Cx C(sa;)) ^ (n : N)Cn 
IndN : (P : N ^ Prop)Pr/ (PO) ^ ((a; : N)Pr/ (Pa;) ^ Pr/ (P(sa;))) ^ 

(n : N)Prf (Pn) 

EnCabO = a : El (CO) 
E^Cabisn) = hn{EnC abn) : El{C{sn)) 

Implication 

D : Prop — > Prop — > Prop 
Dl : (P : Prop)(Q : Prop) (Pr/ (P) ^ Prf (Q)) ^ Pr/ (P D Q) 
DE : (P : Prop)(Q : Prop)Pr/ (P D Q) ^ Pr/ (P) ^ Pr/ (Q) 

Peirce's Law 

Peirce : (P : Prop)(Q : Prop) ((Pr/ (P) ^ Prf (Q)) Prf (P)) ^ Pr/ (P) 



Fig. 3: Some of the constants involved in the declaration of LTT^ in LF' 

4.1.1 Example. When constructing an LTT in LF', we can include conjunction 
by making the following declarations: 

A : Prop — > Prop — > Prop 

AI : {p,q: Prop)Pr/ (p) ^ Prf (q) ^ Prf (Apq) 

AEl : {p,q: Prop)Pr/ {Apq) Prf (p) 

AE2 : (j>,q: Prop)Pr/ (Apq) Prf (q) 

This has the effect of extending the logical framework with the constants A, A J, 
A£^l and AE2. The first allows propositions of the form (p A tp to he formed, and 
the last three are the introduction and elimination rules. 

4.2 Natural Numbers, Products, Functions and Predicate Logic 

We can now proceed to construct a logic-enriched type theory LTTw that corre- 
sponds to the foundational system Weyl presents in Das Kontinuum. In the body of 
this paper, we shall describe a few of the declarations that comprise the specification 
of LTTw in LF'. The full list of declarations is given in Appendix B. 

Our starting point is an LTT that contains, in its datatype world, a type N of 
natural numbers, as well as non-dependent product and function types Ax B and 
A=^ B; and, in its logical world, classical predicate logic. We present some of the 
declarations involved in its specification in Figure 3, namely those involving natural 
numbers and implication. The rules for natural numbers include the elimination 
rule, which allows the definition of functions by recursion over N, and the rule for 
proof by induction. 
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4.3 Type Universes and Prepositional Universes 

We have introduced our collection of types. We now divide them into the small 
and large types. 

We use a familiar device to do this: a type universe. A type universe C/ is a type 
whose objects are names of types^. The types that have a name in U are the small 
types, and those that do not (such as U itself) as the large types. We also introduce 
a constructor T. For each name a : U. the type T{a) is the type named by a. 

For our system, wc need a universe U that contains a name for N, and a method 
for constructing a name for Ax B out of a name for A and a name for B. We also 
need to introduce a relation of equality for every small type. These are both done 
by the constants declared in Figure 4. 

We also need to divide our propositions into the arithmetic propositions and 
the large propositions. To do so, we use the notion in the logical world which is 
analagous to a type universe: a propositional universe. 

We wish to introduce the collection 'prop' of names of the arithmetic propositions; 
that is, the propositions that only involve quantification over small types. We also 
introduce the constructor V; given P : prop, V{P) shall be the small proposition 
named by P. 

It is not immediately obvious where the collection 'prop' should live. We choose 
to declare prop : Prop, and use the objects of kind Prf (prop) for the names of 
the small propositions. 

Now, it must be admitted that prop is not conceptually a proposition; it does 
not assert any relation to hold between any mathematical objects. We could have 
declared prop : Type instead. It makes no practical difference for this formalisation 
which choice is made. 

We chose to declare prop : Prop as this provides a pleasing symmetry with U 
and Type, and prop seems to belong more to the logical world than the datatype 
world. Until more foundational work on LTTs has been done, we accept this com- 
promise: prop is a 'proposition', each of whose 'proofs' is a name of an arithmetic 
proposition.'' Wc discuss this matter further in Section 4.5. 

The declarations associated with prop are given in Figure 4(3). Note that the 
propositional universe provides us with our first examples of computation rules for 
propositions. 

4.4 The Predicative Notion of Set 

We now have all the machinery necessary to be able to introduce typed sets. For 
any type A, we wish to introduce the type Set (A) consisting of all the sets that can 
be formed, each of whose members is an object of type A. (Thus we do not have 
any sets of mixed type.) We take a set to be introduced by an arithmetic predicate 
over A; that is, an object of kind A Prf (prop), a function which takes objects 
of A and returns (a name of) an arithmetic proposition. 



^Such a universe is called a universe a la Tarski, as opposed to a universe d la Russell, where the 
objects of the universe arc themselves types. 

^Other alternatives would be to introduce a new top-kind to hold prop, or to make prop itself a 
top-kind. We do not discuss these here. 
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(1) The Type Universe 






U : Type 




T : U^Type 




N : U 




X : U^U^U 




TN = N: Type 




T{axb) = TaxTb: Type 


(2) Prepositional Equality 


~ : (A : U)TA -^TA-> Prop 


~ / : {A:U){a: TA)Prf {a c^a a) 


~ : (A : U){P : TA Prop)(a, b : TA) 




Prf {a c^A b) ^ Prf {Pa) ^ Prf (Pb) 


(3) The Prepositional Universe 


prop 


Prop 


V 


Prf (prop) — > Prop 


1 


Prf (prop) 


5 


Prf (prop) Prf (prop) Prf (prop) 


V 


(a : U){Ta Prf (prop)) ^ Prf (prop) 




(a : U)Ta ^ Ta ^ Prf (prop) 


V{±) - 


= _L : Prop 


V{p5q) -- 


= Vp D Vq : Prop 


V{\/ap) = 


= V(Ta) [x : Ta]Vipx) : Prop 


V{s£^at) -- 


= s ~o i : Prop 



Fig. 4: A type universe and a propositional universe 



We therefore include the foUowing in our LTT: 

— Given any type A, we can form the type Set {A) . The terms of Set {A) are all 
the sets that can be formed whose elements are terms of type A. 

— Given a arithmetic proposition <p[x] with variable x of type A, we can form 
the set {x:A\ 0[a;]} : Set (A). 

— If a : A and X : Set (A), we can form the proposition a G X, which is 

arithmetic. 

— Finally, wc want to ensure that the elements of the set {a; : A | 4>[x]} are 
precisely the terms a such that (l)[a] is true. This is achieved by adding a computation 
rule on propositions: 

a G {x : A\ (t>[x]} computes to <p[a] . (2) 
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Set 


: Type ^ Type 




set 


: (A : Type) (A - 


> Prf (prop)) ^ Set (A) 


e 


: {A : Type) A ^ 


Set {A) Prf (prop) 


e^a(set^P) 


= Pa : Prf (prop) 





Fig. 5: The Predicative Notion of Set 



The type Set {A) is to be a large type; we do not provide any means for forming a 
name of Set (A) in U. 

Wc therefore make the declarations in Figure 5. In particular, the constants 
listed there allow us to form the following objects: 

— For every type A, the type Set (A) . 

— For every type A and name p[x] : Prf (prop) of an arithmetic proposition, the 
object set A ([x : A]p[a;]), which represents the set {a; : ^ | V^(p[a;])} in Set (A). 

— Given objects a : A and X : Set {A), the object & AaX, which represents a name 
of the proposition a G X. 

The computation rule (2) is represented by declaring: G Aa (set A P) computes to 
Pa. 

4.4.1 Remarks 

(1) We have introduced here a predicative notion of set. It is impossible in LTT„ 
to perform a definition that is impredicative in Weyl's sense. This restriction on 
which sets can be formed, proposed by Weyl and formalised in LTT^, is by no 
means the only way of defining a predicative notion of set. Historically, there have 
been a number of different ways of interpreting the concept of 'predicativity', and a 
number of different predicative formal systems that all impose different restrictions 
on which sets and functions may be defined. We discuss this matter further in 
Section 6. 

(2) It would be easy to modify the system to use instead the impredicative notion 
of set. This would involve changing the declaration of either prop, U or Set; the 
details are given in Section 5.2. When we declare both the predicative and the 
impredicative systems in this way, all the proofs in the predicative system can be 
reused without change in the impredicative. Further discussion of all these points 
may be found in [Luo 2006]. 

4.5 Anomalies in LTTw 

The system LTT^ has certain features that are anomalies, unwanted side-effects of 
our design choices. 

We chose to make the type universe U an object of kind Type. This means 
that the objects of kind Type no longer correspond to the categories of Weyl's 
system. There are certain extra objects in Type: U itself, as well as U x U, 
U => J7, N {/, and so forth. We can therefore do more in LTT^ than we can in 
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Weyl's system, such as define functions N =^ [/ by recursion, and hence define meta- 
functions N Type by recursion. For example, we can define the meta-function 
/ : (N ^ Type where 

n 

/(n) = N X N X • • • X N . 

We also chose to make prop an object of kind Prop. This results in the objects 
of kind Prop no longer corresponding to the propositions of Weyl's system. There 
are extra objects in Prop: prop itself, as well as prop D prop, Vx : N.prop, and so 
forth. If we had placed prop in Type instead, we would get more anomalous types, 
and the ability to define functions into prop by recursion. 

These anomalies would not arise if we made U and prop top-kinds, instead of 
placing them in Type and Prop. The choice of where to place the universes makes 
no practical difference for this formalisation, because we did not make use of any 
of these anomalous objects in our formalisation. We have checked that our proof 
scripts still parse if we declare prop : Type. 

It seems likely that these anomalies are harmless. We conjecture that LTTw is a 
conservative extension of the system in which U and prop are top-kinds. However, 
it also seems likely that this would not be true for stronger LTTs. What eflfect the 
placement of universes has in LTTs is a question that needs further investigation. 



5. FORMALISATION IN PLASTIC 

We have formalised this work in a version of the proof assistant Plastic [Callaghan 
and Luo 2001], modified by Paul Callaghan to be an implementation of LF'. We 
have produced a formalisation which includes all the definitions and proofs of several 
of the results from Weyl's book. 

In Plastic, all lines that are to be parsed begin with the character >; any line 
that does not is a comment line. A constant c may be declared to have kind 
(a;i : Ki) ■ ■ ■ : Kn)K by the input line 

> icixf.Kxl ■■■ [xn-.Knl : if] ; 

We can define the constant c to be the object [xi : Ki] ■ ■ ■ [xn '■ Kn]k of kind 
{xi : Ki)-- ■ {xn ■■ Kn)K by writing 

> Ldxi-.KJ ■ ■ ■ lXn:K,J = k : KI ; 

In both these lines, the kind indicator .K is optional, and is usually omitted. 

We can make any argument implicit by replacing it with a 'meta- variable' ?, 
indicating that we wish Plastic to infer its value. 

5.1 Results Proven 

5.1.1 Peano's Fourth Axiom. Peano's fourth axiom is the proposition 

Va; : N.s(x) ^ . 

This can be proven in LTT^ by taking advantage of the fact that we can define 
functions from N to Set (N) by recursion. 
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Define the meta-function / : N — > Set (N) as follows. 

/(O) = 
/(n + 1) = {x:N|T} 

Now, we have e /(n + 1). If n + 1 = 0, we would have e /(O) = 0, which is a 
contradiction. Therefore, n + I =^ 0. 

Peano's fourth axiom is often surprisingly difficult to prove in a type theory, 
requiring a universe or something equally strong. This is true in logic-enriched 
type theories, too; if wc remove U, prop and Set from LTT„, then Peano's fourth 
axiom cannot be proven in the resulting system. (Proof: the resulting system has 
a model in which every type has exactly one object.) 

5.1.2 Cardinality of Sets. In Weyl's system, we can define the predicate 'the set 
X has exactly n members' in the following manner. 

Given a basic category A, define the function K :N ^ Set (Set (A)) by recursion 
as follows. The intention is that K(n) is the set of all sets X : Set (^4) that have at 
least n members. 

K{0) = {X : Set (A) \ T} 

K{n +1) = {X: Set {A) \ 3a : A{a & X h X\ {a] € K{n))] 

In Plastic, this is done as follows: 

> [at_least_set [tau : U] = E_Nat ( [_ : Nat] Set (Set (T tau))) 

> (full (Set (T tau))) 

> [n : Nat] [Kn : Set (Set (T tau))] set (Set (T tau)) 

> [X : Set (T tau)] ex tau [a : T tau] 

> and (in (T tau) a X) (in ? (setminus' tau X a) Kn)] ; 
We define the proposition 'X has at least n members' to be X e K{n). 

> [At_Least [tau : U] [X : Set (T tau)] [n : Nat] 

> = In ? X (at_least_set tau n)] ; 

For n a natural number, define the cardinal number n to be {a; : N | a; < n}. 

> [card [n : Nat] = set Nat [x : Nat] It x n] ; 

Define the cardinality of a set A to be |A| = {n : N | A has at least s(n) members}. 

> [cardinality [tau : U] [A : Set (T tau)] 

> = set Nat [n : Nat] at_least tau A (suae n)] ; 

We can prove the following result: 

The cardinality \X\ of a set X is either {x : N | T} or n for some n. 

We thus have two classes of cardinal numbers: n, for measuring the size of finite 
sets, and {a; : N | T}, which we denote by oo, for measuring the size of infinite sets. 
(There is thus only one infinite cardinality in Das Kontinuum.) We define 'X has 
exactly n members' to be \X\ =set(N) ^• 

> [inf ty = full Nat] ; 

> [Exactly [tau : U] [A : Set (T tau)] [n : Nat] 

> = Seteq Nat (cardinality tau A) (card n)] ; 
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With these definitions, we can prove results such as the following: 

(1) If A has at least n elements and m < n, then A has at least ni elements. 

(2) If A has exactly n elements, then m <n iS A has at least m elements. 

(3) If A has exactly m elements, B has exactly n elements, and A and B are 
disjoint, then Au B has exactly m + n elements. 

We have thus provided definitions of the concepts 'having at least n mem- 
bers' and 'having exactly n members' in such a way that the sets {X : Set {A) \ 
X has at least n members} and {X : Set (A) \ X has exactly n members} are de- 
finable predicatively. This would not be possible if, for example, we defined 'X has 
exactly n elements' as the existence of a bijection between X and n; we would have 
to quantify over the ideal category A N. It also cannot be done as directly in a 
predicative system of second order arithmetic such as ACAq [Simpson 1999]. 

5.1.3 Construction of the Reals. The set of real numbers is constructed by the 
following process. We first define the type of integers Z, with a defined relation of 
equality «z- We then define a rational to be a pair of integers, the second of which 
is non-zero. That is, for g : Z x Z, we define is rational' by 

{x, y) is rational = y^zO ■ 

We proceed to define equality of rationals {q q'), addition, multiplication and 
ordering on the rationals. 

A real is a Dedekind cut of rationals; that is, an object R of the category 
Set (Z X Z) that: 

— is a domain of rationals; if q and q' are rationals, q G R, and q rsq q', then q' e R; 

— is closed downwards: if q and q' are rationals, q & R, and q' < q, then q' G R; 

— has no maximal element; for every rational q & R, there exists a rational q' & R 
such that q < q'; 

— and is neither empty nor full; there exists a rational q such that q € R, and a 
rational q' such that q' ^ R. 

Equality of reals is defined to be extensional equality restricted to the rationals: 

R S = V(j'((j' is rational D e i? g e S)) 

We note that, in this formalisation, we could define the collection of integers 
as a type, because every pair of natural numbers is an integer. In contrast, there 
was no way to define the collection of rationals as a type, say as the 'sigma-type' 
'(Eg : Z X Z)g is rational'. This is because our LTT offers no way to form a type 
from a type Z x Z and a proposition 'g is rational'. We are, however, able to form 
the set Q = {g : Z X Z I g is rational} : Set (Z x Z) . Likewise, we cannot form the 
type of reals, but we can form the set of reals M : Set (Set (Z x Z)). 

5.1.4 Real Analysis. Weyl was keen to show that his predicative system was 
strong enough to be used for mathematical work by demonstrating that, while 
several traditional theorems cannot be proven within it, we can usually prove a 
version of the theorem that is only slightly weaker. 
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For example, we cannot predicatively prove the least upper hound principle: that 
every set A of real numbers bounded above has a least upper bound I. Impredica- 
tivcly, we would define I to be the union of A. This cannot be done predicatively, as 
it involves quantification over real numbers. However, we can prove the following 
two statements, which are enough for most practical purposes: 

(1) Every set S of rational numbers bounded above has a unique (real) least upper 
bound I. Take / = e Q | {3q' G S)q < q'}. 

(2) Every sequence ri,r2, . . . of real numbers bounded above has a unique least 
upper bound I. Take Z = {g e Q | (3n : K)q e r„}. 

These involve only quantification over the rationals and the natural numbers, re- 
spectively. (We note that either of these is equivalent to the least upper bound 
principle in an impredicative setting.) 

The first is enough to prove the classical Intermediate Value Theorem: 

If / : Set (Z X Z) ^ Set (Z x Z) is a continuous function from the reals 
to the reals, and /(a) < v < f{b) for some reals a, 6, v with a < b, then 
there exists a real c such that a < c < b and /(c) = v. 

The predicative proof of this theorem takes advantage of the fact that a continuous 
function is determined by its values on the rationals. Wcyl defined c to be the least 
upper bound of the set of all rationals q such that a < q < b and f{q) < v. In the 
formalisation, we defined directly: c = {q€Q \ {3q' G Q){q < q' < b A f{q') < v)}. 

5.2 An Impredicative Development 

As mentioned in Section 4.4. it is not difficult to modify this formulation to get a 
development of the same theorems in an impredicative system. All we have to do 
is remove the distinction between large and arithmetic propositions. 

We do this by adding two impredicative quantifiers to prop, together with their 
computation rules: 

V : (A : Type){A Prf (prop)) ^ Prf (prop) V{yAP) = yA{[x : A]V{Px)) 
3: {A: Type)(^ ^ Prf (prop)) ^ Prf (prop) V{3AP) = 3A{[x : A]V{Px)) 

Now prop, which determines the collection of propositions over which sets can 
be formed, covers the whole of Prop. We can form the set {a; : ^4 | (plx]} for any 
well-formed proposition (plx]. However, all our old proof files written in terms of 
prop and V still parse. 

Once this change has been made, we can go on to prove the statement that every 
set of real numbers bounded above has a least upper bound. 
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There are other ways in which we could have made our system impredicative. 
We could have changed the construction of U, so that every type in Type has 
a name. The simplest way would be to erase the universes U and prop, and to 
change every instance of prop to Prop in the constants associated with Set (Figure 
5). However, this would leave us unable to reuse the proofs that we had written for 
the predicative system. We could also have replaced the declarations of prop and 
V (Figure 4) with 

prop = Prop V = [x : Prop] Prop 

1 = -L D =D 

V = : U]y{TA) ~ =~ 

However, at present Plastic becomes unstable when equations are declared at the 
top-kind level such as prop = Prop. 

6. RELATED WORK 

Weyl's work in Das Kontinuum is by no means the only attempt to provide a pred- 
icative foundation to mathematics. Historically, there have been several different 
views on which definitions and proofs are predicatively acceptable. Of these, Weyl's 
in Das Kontinuum is one of the strictest. Many of these have been formalised as 
systems of second-order arithmetic. The question of to what extent they may be 
formalised by type theories, and the related question of which type theories may 
be considered predicative, have not received much attention before now. 

6.1 Other Formalisations of Das Kontinuum 

Fefcrman [Feferman 2000] has claimed that the system ACAq is "a modern for- 
mulation of Weyl's system." The system ACAq is a subsystem of second-order 
arithmetic, so it deals only with natural numbers and sets of natural numbers. A 
set {x I (/>[.t]} may only be introduced in ACAq for an arithmetic predicate (l)[x\: 
this is the 'arithmetic comprehension axiom' that gives the system its name. The 
stronger system ACA has also been studied, which has a stronger induction prin- 
ciple: ACAo has the induction axiom 

VX(0 G X D Va;(a; e X D s{x) e X) D Vara; G X) , 

whereas ACA has the induction schema 

(j)[0] D Va;(<?!.[a;] D <?!'[s(a;)]) D Va;<?!>[a;] 

for every formula (j)[x]. 

Weyl does go beyond ACAq in two places: in his definition of the cardinality 
of a set ([Weyl 1994, Chapter 1 §7, pp. 38-39]), and the results proven using 
this definition ([Weyl 1994, Chapter 2 §1, pp.55f]). The definition requires the use 
of third-order sets (sets of sets), and the proofs use a stronger induction principle 
than the one found in ACAq . When formalising these parts of the book (see Section 
5.1.2 above), we needed to use the type Set (Set (A)), and to use Indw with a large 
proposition. 
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The rest of Das Kontinuum can be formalised in ACAq. It is also possible to 
find another definition of the cardinality of a set that can be formalised in ACAq, 

and the results in Das Kontinuum, can then be proven in ACAq. However, these 
two sections of the book show that Weyl did intend his system to be more than 
second-order. 



6.2 Other Approaches to Predicativity 

The concept of predicativity originated with Poincare and Russell in 1906-8, who 
held that the paradoxes of set theory each invoked a definition that involves a vicious 
circle] in each case, a set A is defined using a concept that presupposes the set A 
itself. They proposed the vicious circle principle, which holds that such definitions 
are illegitimate. Poincare wrote [Poincare 1906]: "A definition containing a vicious 
circle defines nothing." Russell expressed the vicious circle principle as follows 
[Russell 1906] : "Whatever involves an apparent [bound] variable must not be among 
the possible values of that variable." 

Russell proceeded to develop the theory of types [Russell 1908], a system of logic 
that strictly adheres to the vicious circle principle. The theory divides mathematical 
objects into types. These include the type of individuals; the type of Oth-ordcr 
or arithmetic sets of individuals, sets that can be defined using quantifiers that 
range over individuals only; the type of Ist-order sets, sets that can be defined by 
quantifying over individuals and Oth-order sets; the type of 2nd-order sets, defined 
by quantification over individuals, Oth-order sets and Ist-order sets; and so forth^. 

This ramification has some undesirable consequences; for example, if we define 
real numbers as sets of rationals, we find we have Oth-order reals, Ist-order reals, 
and so forth. The usual development of analysis cannot be carried out in this 
framework: for example, the least upper bound property does not hold for any of 
these reals. 

Russell's solution was to introduce the Axiom of Reducibility: for every nth-order 
set, there is a Oth-order set with the same members. This axiom effectively allows 
impredicative definitions to be made in the theory of types. Weyl's solution, as we 
have seen, was to allow only Oth-order sets. 

Godel [1944] suggested constructing sets of transfinite order; to form sets of order 
a, where a ranges over some initial segment of the ordinals. The sets of order a + 1 
are those that can be formed by quantifying over the sets of order < a; for each limit 
ordinal A, the sets of order A are the union of the sets of lower order. This idea was 
later named the ramified, a,nalyti,c hierarchy by Klcenc [1959]. Krcisel [1960] that 
the predicatively acceptable sets should be identified with the sets of order a for 
a a recursive ordinal. Feferman [1964] and Schiitte [1965] independently suggested 
that the predicatively acceptable sets should be identified with those of order < Fq. 
This latter idea has dominated the thinking on predicativity since. 



^Russell's theory of types included many more types than those Usted here. For a historical 
account, we refer to [Kamareddine et al. 2002]. 
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6.3 Predicativity in Type Theory 

In general, the type theory community has confined its interest in predicativity to 
the question of whether a universe is predicative. 

Roughly, a universe is a type of types. A universe U is called impredicative if 
some of the types in U are constructed using U itself; otherwise, U is predicative. 
A type theory is called predicative if it uses no impredicative universes. 

Martin-L6f 's original type theory [Martin-L6f 1971] used a single universe V, 
which was highly impredicative as the system used the typing rule V € V. After 
Girard [1972] showed that the system was inconsistent, Martin-Lof [1972] modified 
the system so that the universe became predicative. Later he extended the system 
with an infinite sequence of universes [1975], and with W-types, types of well-ordered 
trees [Martin-Lof 1982]. 

Apart from the universes and the W-types, all the types in Martin-Lof type theory 
are simple inductive definitions, and so can be defined by an explicit predicative 
definition given the natural munbcrs: in this sense, Martin-Lof type theory without 
W-types is predicative modulo the natural numbers. It was conjectured by Peter 
Hancock [Martin-Lof 1975] and proved independently by Peter Aczel and Feferman 
[Feferman 1982] that the proof-theoretic strength of Martin-Lof type theory, with 
infinitely many universes but without W-types, is Pq. 

Including the W-types increases the strength of the system dramatically. Setzer 
[1993] has shown that the theory with W-types and just one universe has a proof- 
theoretic ordinal much larger than Pq. If one agrees with Feferman and Schiitte, 
then W-types are an impredicative element in the type theory. 

It is worth noting that consistent impredicative type theories have also been 
usefully employed, most notably the Calculus of Constructions [Coquand and Huet 
1988] and its variants. 

6.4 Predicativity in Logic-Enriched Type Theories 

Logic-enriched type theories may provide a useful tool for investigating all these 
diff'erent conceptions of predicativity, as they provide a setting in which the three 

questions listed at the start of the section arc kept separate. When designing a 
logic-enriched type theory, we are able to adjust three parameters independently. 

(1) We can make the propositional universes stronger or weaker. This will deter- 
mine which predicates may be used to define sets. 

(2) We can include more or fewer types in each type universe. This will determine 
which inductive definitions may be used to define types. 

(3) We can make the universes predicative or impredicative. 

This flexibility means logic-cnric;lic;(l type theories form a very rich structure. It 
would likely be fruitful to explore this structure by constructing LTTs correspond- 
ing to different approaches to the foundations of mathematics, and investigating 
correspondences between these LTTs and both traditional type theories and sys- 
tems of predicate logic. This would provide a setting in which we could experiment 
by (say) adding and removing generalised inductive types, in a way that is much 
more suitable for machine-assisted formalisation than are systems of predicate logic. 
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7. CONCLUSION 

We have conducted a case study in Plastic of the use of a type-theoretic framework 
to construct a logic-enriched type theory as the basis for a formalisation of a non- 
constructive system of mathematical foundations, namely that presented in Weyl's 
Das Kontinuum. As a representation of Weyl's work, it is arguably better in some 
ways than such second-order systems as ACAq [Feferman 2000] , since we can form 
a definition of the cardinality of a set that is much closer to Weyl's own. The 
formalisation work required only a minor change to the existing logical framework 
implemented in Plastic. 

7.1 Further Work 

We have seen how LTT^ corresponds very closely to Weyl's system. It is possible 

to embed the system ACA in LTT^ . We can also embed the system ACAq in LTT.iv 
with the constant Indm removed and replaced with 

indN : (P : N ^ Prf (prop))Pr/ {V{PQ)) 

{{x : N)Prf (y{Px)) Prf {V{P{sx)))) (n : N)Prf iV{Pn)) , 

which allows us to prove only arithmetic propositions by induction. 

It is also possible to define a translation from LTTw to Martin-L6f Type Theory 
with one universe^ extended by the axiom of excluded middle, and from ACA to 
LTT-jv. Future work will involve investigating these translations further — whether 
they are conservative, and whether a translation can be defined in the opposite 
direction in each case. 

We also hope to define more logic-enriched type theories corresponding to other 
schools in the foundations of mathematics; both other approaches to predicativity, 
and other schools entirely. For example, we anticipate wc can construct a system 
corresponding to the Theory of Types by extending UTT^ with infinitely many 
type and propositional universes. A stronger universe construction should also 
allow us to capture Kreisel's construction of the ramified analytic hierarchy over 
the recursive ordinals. It remains to be seen whether we can capture Feferman- 
Schiitte predicativity, or whether another principle more naturally suited to LTTs 
will be discovered. 

It would also be interesting to carry out the impredicative development of analysis 
in our setting, reusing the code from the predicative development. 

A. THE LOGICAL FRAMEWORK LF' 

LF' is an extension of the logical framework LF as described in Chapter 9 of [Luo 
1994] . LF is a typed version of Martin-L6f 's logical framework and LF' extends LF 
by the propositional kind Prop and the associated rules. 
Formally, the terms of LF' are of the following forms: 

Type, El{A), Prop, Pr/(P), {x : K)K' , [x : K]k' , f{k), 

where the free occurrences of variable x in K' and k' are bounded by the binding 
operators (a; : K) and [x : K], respectively. We shall usually omit El when writing 
kinds. We write K ^ K' for (a; : K)K' when x does not occur free in K' . 
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Contexts and assumptions 




\ \- K kind xf±'V[L) l,x:K,l valid 




\J VCitlU i , . i\ VailCl i , . x\ , i \^ X . I\. 




General equality rules 




r h if kind T\- K = K' K = K' K' = K" 




T\- K = K T\- K' = K K = K" 




Thk:K Thk = k':K T h k = k' : K T h k' = k" 


K 


1 ' 1 7 7 ry -f-\ 17/ 7 TV" T> 1 7 7 // 

r \- k = k: K T \- k' = k: K T \- k = k" : K 




Equality typing rules 




Vr k: K Vr K = K' T \- k = k' : K T \- K = K' 




T\-k:K' Thk = k':K' 




Substitution rules 




r,x: K,T' valid T^k: K 




r, [k/x]r' valid 




r,x : K,T'^K' kind T^k: K r,x: K,rh K' kind T h = 


= k': K 


r, [k/x\T' h \klx\K' kind T, \klx\V' t- [klx\K' = [k' / 


x]K' 


T,x : K,r' ^ k': K' k: K T, x : K,r' ^ k' : K' T h ki = 


k2: K 


r, [k/x]r h [k/x]k': [k/x]K' r, [ki/x]T' h [ki/x]k' = [k2/x]k': 


[ki/x\K' 


T,x : K,T'h K' = K" T^k: K T,x: K,T' h fc' = k" : K' Thk: K 


r, [k/x]r h [k/x]K' = [k/x\K" r, [k/x\T' h [k/x\k' = [k/x]k" 


[k/x\K' 



Fig. 6: Rules of deduction of LF' (I) 



There are five forms of judgements: 

— r valid, which asserts that F is a valid context; 

— T \- K kind, which asserts that K \s a. kind; 

— r h fc : K, which asserts that k is an object of kind K: 

— T \- k = k' : K, which asserts that k and fc' are equal objects of kind K; 

— T \- K = K', which asserts that K and K' are equal kinds. 

The rules of deduction of LF' are those of LF [Luo 1994] plus those involving Prop. 
For completeness, they are given in Figures 6 and 7. 

B. SPECIFICATION OF LTTw 

The following is the list of all the constant and equation declarations that comprise 
the specification of LTTw within LF'. We write the constants D, D, x and x as 
infix; so we write D 4''tp as 4> D ip. We shall also write ~ A ah as a ~a b, and 
~ A a 6 as a~A&- 
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The kind Type 

T valid ri-A:Type ri-A = B:Type 

r h Type kind V h El{A) kind V h El{A) = El{B) 

The kind Prop 

T valid rhPiProp ri-P = Q:Prop 

r h Prop kind T\-Prf{P) kind T \- Prf (P) = Prf (Q) 

Dependent product kinds 

T^K kind r,x:KhK' kind T h Ki = K2 T,x : Ki h K{ = K'^ 
r h (a; : K)K' kind T\-{x: Ki)K[ = {x : K2)K^ 

r,x:Khk:K' T ^ Ki = K2 T,x : Ki ^ ki = k2: K 

T\-[x:K]k: (x : K)K' T \- [x : Ki]ki = [x : K2]k2 : (x : Ki)K 

r h / : (x : K)K' Thk: K rh/ = /':(x: K)K' T h fci = fca : 

r\-f{k): [k/x]K' fKf(fcoTm)nfc74^^ 

T,x : K'r k' : K' k: K T h /: {x : K)K' x ^ FV{f) 

r h ([x : K]k'){k) = [k/x]k': [k/x]K' T h [x : K]f{x) = / : (x : K)K' 



Fig. 7: Rules of deduction of LF' (II) 

B.l Classical Predicate Logic 

_L : Prop 
±E : {p: Prop)Pr/ (_L) ^ Prf (p) 

D : Prop Prop — > Prop 
Dl : {p,q: Prop)(Pr/ (p) ^ Prf (q)) ^ Pr/ (p D g) 
Z)E : {p,q: Prop)Pr/ (p D 9) ^ Pr/ (p) ^ Pr/ (g) 

Peirce : {p,q: Prop)((Pr/ (p) ^ Pr/ (9)) ^ Pr/ (p)) ^ Pr/ (p) 

V : (A : Type) (A Prop) Prop 
V7 : (A : Type)(P : A ^ Prop)((a; : A)Prf (Px)) Prf (WAP) 
\/E : {A: Type)(P : A Prop) (a : A)Prf {VAP) Prf (Pa) 
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B.2 Natural Numbers 

N : Type 

: N 

s : N^N 

Ef^ : (C : N Type)CO ^ ((n : N)Cn ^ C(sn)) ^ {n : N)Cn 
EfiCabO = a : CO 

E^Cab (sn) = 6 n (En Cabn) : C (sti) 
IndN : (P : N ^ Prop)Pr/ (PO) ^ ((n : N)Pr/ (Pn) ^ Pr/ (P(sn))) ^ 
(n : N)Pr/ (Pn) 

B.3 Pairs 

X : Type ^ Type ^ Type 

pair : (A, B : Type)A B ^ A x B 

: {A,B : Type)(C : A x B ^ Type)((a : A){b : B)C{pah: AB ab)) 
{p:Ax B)Cp 
Ex ABCe{pahABab) = eab : C{paivABab) 
Indx : (AS:Type)(P: AxB^Type)((a: A)(6:B)Pr/(P(pairylBa6))) 
-^{p:Ax B)Prf {Pp) 

B.4 Functions 

^ : Type ^ Type ^ Type 
\ : {A,B: Type)(^ ^B)^{A^B) 
E^ : (^,B:Type)(C: (A^B)^Type)((6:yl^S)C(AylB6))^ 

{f:A^ B)Cf 
ABC e{\ABb) = eb: C{XABb) 
Ind^ : {A,B -.Type) {P : {A ^ B) ^ Prop) {{b : A ^ B)Prf iP{X A Bb))) ^ 
{f:A^B)Prf{Pf) 

B.5 The Type Universe 

U : Type 

T : U ^ Type 

N : U 

X : U^U^U 
TN = N : Type 
T{AxB) =TAxTB: Type 
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B.6 Equality 

~ : : U)TA ^TA^ Prop 
~ J : {A:U){a: TA)Prf (a ~a a) 

c^E : {A:U){P -.TA^ Prop) (a, b : TA)Prf (Pa) Prf (a ~a b) Prf (Pb) 
B.7 The Propositional Universe 



prop 


Prop 




V 


Prf (prop) 


Prop 


1 


Prf (prop) 




D 


Pr/ (prop) 


Prf (prop) ^ Pr/ (prop) 


V 


{A : C/)(TA 


Prf (prop)) ^ Prf (prop) 




(A : U)TA - 


^ Pr/ (prop) 



Vl = ±: Prop 

y(pZ)g) = D : Prop 

V{yAP) = V(TA)[a; : rA]y(Pa;) : Prop 

V{a^Ab) = a c^A b : Prop 

B.8 The Predicative Notion of Set 

Set : Type Type 

set : {A : Type) (A ^ Prf (prop)) ^ Set (A) 
G : {A: Type)A ^ Set {A) Prf (prop) 
G A a (set AP) = Pa: Prf (prop) 
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